Although the concept of “Risk Based Approach” is not new to Validation, it is not often applied to the Quality Review for a Validation project. With the realities of increased volume of validation work and finite QA resources, it makes sense to target the Quality Review on the areas of most significance. I’ve mocked up this frame work to do exactly that. Any thoughts?
Targeted, Risk-based CSV Operational Quality (QA) Review
Request for Quality Review: The Validation Team (Business/Technical/Validation unit provides the list of deliverables to be generated for a given project in conjunction with the request for Quality Unit Review for the project.
The Quality Impact Assessment is conducted independently by the Quality Unit to determine the level of review required for a given Validation project. The Quality Unit will review and sign the Risk Assessment.
There will be an Internal Escalation Process to the QA review triggered by various flags or issues (e.g., request from stakeholders, problems detected during review, etc.) that can potentially increase the level of Quality Review within a project.
|Quality Impact Assessment||Targeted QA Review||QA Approvals||Example Scenario|
|Critical||All deliverables; 100% Review||Risk Assessment, Plan, Report||Directed; GMP LIMS for Release|
|High||Risk Assessment, Plan, User Requirements, Report, Sampling of Scripts (e.g., SQ N+1)||Risk Assessment, Plan, Report||PVDB; Clinical DB; Primary GLP Data System (e.g., SDMS)|
|Medium||Risk Assessment, Plan, Report||Risk Assessment, Plan, Report||Clinical Trial Management System (Monitoring), Laboratory Data Generating System|
|Low||Risk Assessment||Risk Assessment||Indirect GxP System (e.g., Learning Management System)|